Add libwrap support to supfilesrv, as annnounced 2 weeks ago on tech-userlevel,
conditioned by #ifdef LIBWRAP (on by default). I renamed '-l' (the 'live' mode) to '-d' and '-l' is now used to enable logging of successfull connections, to be consistent with what other NetBSD daemon use. These changes are on on sup2.fr.netbsd.org since 2 weeks.
This commit is contained in:
parent
5cfe8783f9
commit
28602510ee
@ -1,6 +1,6 @@
|
||||
# $NetBSD: Makefile.inc,v 1.4 1998/01/21 09:07:04 mikel Exp $
|
||||
# $NetBSD: Makefile.inc,v 1.5 1999/08/24 15:52:52 bouyer Exp $
|
||||
|
||||
CPPFLAGS+=-UCMUCS -UCMU -UMACH -DVAR_TMP -DHAS_DAEMON -DHAS_POSIX_DIR
|
||||
CPPFLAGS+=-UCMUCS -UCMU -UMACH -DVAR_TMP -DHAS_DAEMON -DHAS_POSIX_DIR -DLIBWRAP
|
||||
CPPFLAGS+=-I${.CURDIR}/../source -I${.CURDIR}/../lib -I${.CURDIR}/../sys
|
||||
CPPFLAGS+=-DEE_XXX
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: log.c,v 1.4 1999/04/12 20:48:07 pk Exp $ */
|
||||
/* $NetBSD: log.c,v 1.5 1999/08/24 15:52:53 bouyer Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1992 Carnegie Mellon University
|
||||
@ -154,3 +154,82 @@ va_dcl
|
||||
printf ("%s\n",buf);
|
||||
(void) fflush (stdout);
|
||||
}
|
||||
|
||||
#ifdef LIBWRAP
|
||||
#include <tcpd.h>
|
||||
#ifndef LIBWRAP_ALLOW_FACILITY
|
||||
# define LIBWRAP_ALLOW_FACILITY LOG_AUTH
|
||||
#endif
|
||||
#ifndef LIBWRAP_ALLOW_SEVERITY
|
||||
# define LIBWRAP_ALLOW_SEVERITY LOG_INFO
|
||||
#endif
|
||||
#ifndef LIBWRAP_DENY_FACILITY
|
||||
# define LIBWRAP_DENY_FACILITY LOG_AUTH
|
||||
#endif
|
||||
#ifndef LIBWRAP_DENY_SEVERITY
|
||||
# define LIBWRAP_DENY_SEVERITY LOG_WARNING
|
||||
#endif
|
||||
int allow_severity = LIBWRAP_ALLOW_FACILITY|LIBWRAP_ALLOW_SEVERITY;
|
||||
int deny_severity = LIBWRAP_DENY_FACILITY|LIBWRAP_DENY_SEVERITY;
|
||||
|
||||
void
|
||||
#ifdef __STDC__
|
||||
logdeny(char *fmt,...)
|
||||
#else
|
||||
/*VARARGS*//*ARGSUSED*/
|
||||
logdeny(va_alist)
|
||||
va_dcl
|
||||
#endif
|
||||
{
|
||||
char buf[STRINGLENGTH];
|
||||
va_list ap;
|
||||
|
||||
#ifdef __STDC__
|
||||
va_start(ap,fmt);
|
||||
#else
|
||||
char *fmt;
|
||||
|
||||
va_start(ap);
|
||||
fmt = va_arg(ap,char *);
|
||||
#endif
|
||||
vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
va_end(ap);
|
||||
if (opened) {
|
||||
syslog (deny_severity, buf);
|
||||
return;
|
||||
}
|
||||
printf ("%s\n",buf);
|
||||
(void) fflush (stdout);
|
||||
}
|
||||
|
||||
void
|
||||
#ifdef __STDC__
|
||||
logallow(char *fmt,...)
|
||||
#else
|
||||
/*VARARGS*//*ARGSUSED*/
|
||||
logallow(va_alist)
|
||||
va_dcl
|
||||
#endif
|
||||
{
|
||||
char buf[STRINGLENGTH];
|
||||
va_list ap;
|
||||
|
||||
#ifdef __STDC__
|
||||
va_start(ap,fmt);
|
||||
#else
|
||||
char *fmt;
|
||||
|
||||
va_start(ap);
|
||||
fmt = va_arg(ap,char *);
|
||||
#endif
|
||||
vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
va_end(ap);
|
||||
if (opened) {
|
||||
syslog (allow_severity, buf);
|
||||
return;
|
||||
}
|
||||
printf ("%s\n",buf);
|
||||
(void) fflush (stdout);
|
||||
}
|
||||
|
||||
#endif /* LIBWRAP */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: supextern.h,v 1.9 1999/08/02 05:36:05 erh Exp $ */
|
||||
/* $NetBSD: supextern.h,v 1.10 1999/08/24 15:52:54 bouyer Exp $ */
|
||||
|
||||
struct stat;
|
||||
|
||||
@ -35,6 +35,10 @@ void logopen __P((char *));
|
||||
void logquit __P((int, char *, ...));
|
||||
void logerr __P((char *, ...));
|
||||
void loginfo __P((char *, ...));
|
||||
#ifdef LIBWRAP
|
||||
void logdeny __P((char *, ...));
|
||||
void logallow __P((char *, ...));
|
||||
#endif
|
||||
|
||||
/* netcryptvoid.c */
|
||||
int netcrypt __P((char *));
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: supfilesrv.c,v 1.17 1999/04/12 20:48:08 pk Exp $ */
|
||||
/* $NetBSD: supfilesrv.c,v 1.18 1999/08/24 15:52:56 bouyer Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1992 Carnegie Mellon University
|
||||
@ -28,8 +28,9 @@
|
||||
/*
|
||||
* supfilesrv -- SUP File Server
|
||||
*
|
||||
* Usage: supfilesrv [-l] [-P] [-N] [-R] [-S]
|
||||
* -l "live" -- don't fork daemon
|
||||
* Usage: supfilesrv [-d] [-l] [-P] [-N] [-R] [-S]
|
||||
* -d "debug" -- don't fork daemon
|
||||
* -l "log" -- print successull connects (when compiled with libwrap)
|
||||
* -P "debug ports" -- use debugging network ports
|
||||
* -N "debug network" -- print debugging messages for network i/o
|
||||
* -R "RCS mode" -- if file is an rcs file, use co to get contents
|
||||
@ -37,6 +38,9 @@
|
||||
*
|
||||
**********************************************************************
|
||||
* HISTORY
|
||||
* 2-Aug-99 Manuel Bouyer at LIP6
|
||||
* Added libwrap support
|
||||
*
|
||||
* 13-Sep-92 Mary Thompson (mrt) at Carnegie-Mellon University
|
||||
* Changed name of sup program in xpatch from /usr/cs/bin/sup to
|
||||
* /usr/bin/sup for exported version of sup.
|
||||
@ -250,6 +254,9 @@
|
||||
# include <sys/mkdev.h>
|
||||
# include <sys/statvfs.h>
|
||||
#endif
|
||||
#ifdef LIBWRAP
|
||||
#include <tcpd.h>
|
||||
#endif
|
||||
|
||||
#include "supcdefs.h"
|
||||
#include "supextern.h"
|
||||
@ -302,7 +309,10 @@ jmp_buf sjbuf; /* jump location for network errors */
|
||||
TREELIST *listTL; /* list of trees to upgrade */
|
||||
|
||||
int silent; /* -S flag */
|
||||
int live; /* -l flag */
|
||||
#ifdef LIBWRAP
|
||||
int clog; /* -l flag */
|
||||
#endif
|
||||
int live; /* -d flag */
|
||||
int dbgportsq; /* -P flag */
|
||||
extern int scmdebug; /* -N flag */
|
||||
extern int netfile;
|
||||
@ -376,6 +386,9 @@ char **argv;
|
||||
sigset_t nset, oset;
|
||||
struct sigaction chld,ign;
|
||||
time_t tloc;
|
||||
#ifdef LIBWRAP
|
||||
struct request_info req;
|
||||
#endif
|
||||
|
||||
/* initialize global variables */
|
||||
pgmversion = PGMVERSION; /* export version number */
|
||||
@ -396,8 +409,23 @@ char **argv;
|
||||
PROTOVERSION,PGMVERSION,scmversion,fmttime (tloc));
|
||||
if (live) {
|
||||
x = service ();
|
||||
|
||||
if (x != SCMOK)
|
||||
logquit (1,"Can't connect to network");
|
||||
#ifdef LIBWRAP
|
||||
request_init(&req, RQ_DAEMON, "supfilesrv", RQ_FILE, netfile,
|
||||
NULL);
|
||||
fromhost(&req);
|
||||
if (hosts_access(&req) == 0) {
|
||||
logdeny("refused connection from %.500s",
|
||||
eval_client(&req));
|
||||
servicekill();
|
||||
exit(1);
|
||||
}
|
||||
if (clog) {
|
||||
logallow("connection from %.500s", eval_client(&req));
|
||||
}
|
||||
#endif
|
||||
answer ();
|
||||
(void) serviceend ();
|
||||
exit (0);
|
||||
@ -424,6 +452,21 @@ char **argv;
|
||||
sigaddset(&nset, SIGCHLD);
|
||||
sigprocmask(SIG_BLOCK, &nset, &oset);
|
||||
if ((pid = fork()) == 0) { /* server process */
|
||||
#ifdef LIBWRAP
|
||||
request_init(&req, RQ_DAEMON, "supfilesrv", RQ_FILE,
|
||||
netfile, NULL);
|
||||
fromhost(&req);
|
||||
if (hosts_access(&req) == 0) {
|
||||
logdeny("refused connection from %.500s",
|
||||
eval_client(&req));
|
||||
servicekill();
|
||||
exit(1);
|
||||
}
|
||||
if (clog) {
|
||||
logallow("connection from %.500s",
|
||||
eval_client(&req));
|
||||
}
|
||||
#endif
|
||||
(void) serviceprep ();
|
||||
answer ();
|
||||
(void) serviceend ();
|
||||
@ -457,7 +500,11 @@ chldsig(snum)
|
||||
void
|
||||
usage ()
|
||||
{
|
||||
quit (1,"Usage: supfilesrv [ -l | -P | -N | -C <max children> | -H <host> <user> <cryptfile> <supargs> ]\n");
|
||||
#ifdef LIBWRAP
|
||||
quit (1,"Usage: supfilesrv [ -l | -d | -P | -N | -C <max children> | -H <host> <user> <cryptfile> <supargs> ]\n");
|
||||
#else
|
||||
quit (1,"Usage: supfilesrv [ -d | -P | -N | -C <max children> | -H <host> <user> <cryptfile> <supargs> ]\n");
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
@ -477,6 +524,9 @@ char **argv;
|
||||
candorcs = FALSE;
|
||||
#endif
|
||||
live = FALSE;
|
||||
#ifdef LIBWRAP
|
||||
clog = FALSE;
|
||||
#endif
|
||||
dbgportsq = FALSE;
|
||||
scmdebug = 0;
|
||||
clienthost = NULL;
|
||||
@ -490,7 +540,12 @@ char **argv;
|
||||
case 'S':
|
||||
silent = TRUE;
|
||||
break;
|
||||
#ifdef LIBWRAP
|
||||
case 'l':
|
||||
clog = TRUE;
|
||||
break;
|
||||
#endif
|
||||
case 'd':
|
||||
live = TRUE;
|
||||
break;
|
||||
case 'P':
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: supservers.8,v 1.5 1999/04/12 20:48:08 pk Exp $
|
||||
.\" $NetBSD: supservers.8,v 1.6 1999/08/24 15:52:56 bouyer Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1992 Carnegie Mellon University
|
||||
.\" All Rights Reserved.
|
||||
@ -36,6 +36,9 @@ supfilesrv, supscan \- sup server processes
|
||||
supfilesrv
|
||||
[
|
||||
.I
|
||||
-d
|
||||
] [
|
||||
.I
|
||||
-l
|
||||
] [
|
||||
.I
|
||||
@ -103,7 +106,7 @@ Supfilesrv
|
||||
generally runs as a network server process that listens for connections,
|
||||
and for each connection (double-)forks a process to handle the interaction
|
||||
with the client.
|
||||
However, with the -l flag, no forking will take place:
|
||||
However, with the -d flag, no forking will take place:
|
||||
the server will listen for a network connection, handle it, and exit.
|
||||
This is useful for debugging the servers in "live" mode rather than as
|
||||
daemons.
|
||||
@ -122,6 +125,10 @@ on
|
||||
To suppress
|
||||
log messages, the -q "quiet" flag can be used.
|
||||
|
||||
.I supfilesrv
|
||||
uses libwrap style access control (the /etc/hosts.allow and /etc/hosts.deny
|
||||
files) with service name "supfilesrv". The -l "log" flag turn on loggin of
|
||||
accepted connections (denied connections are always logged).
|
||||
|
||||
Normally the
|
||||
.I supfilesrv
|
||||
@ -206,6 +213,8 @@ from list file
|
||||
.PP
|
||||
.SH "SEE ALSO"
|
||||
sup(1)
|
||||
hosts_access(5)
|
||||
hosts_options(5)
|
||||
.br
|
||||
.I
|
||||
The SUP Software Upgrade Protocol,
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $NetBSD: Makefile,v 1.1 1997/10/07 01:31:21 thorpej Exp $
|
||||
# $NetBSD: Makefile,v 1.2 1999/08/24 15:52:57 bouyer Exp $
|
||||
|
||||
PROG= supfilesrv
|
||||
SRCS= supfilesrv.c scan.c
|
||||
@ -8,7 +8,7 @@ MLINKS= supservers.8 supfilesrv.8 supservers.8 supscan.8
|
||||
.PATH: ${.CURDIR}/../source
|
||||
|
||||
DPADD= ${LIBSUP} ${LIBCRYPT}
|
||||
LDADD= ${SUPLIB} -lcrypt
|
||||
LDADD= ${SUPLIB} -lcrypt -lwrap
|
||||
|
||||
supfilesrv: .NOPATH
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user